Re: Firewall and Router

I understand the differences in theory between software/hardware firewalls (incoming protection vs. bidirecdtional), but what I can't figure out is how to USE the software firewall with respect to outgoing info. I've used Norton Pers. Firewall for a long time, but every time I get a message "Program X is trying to access the internet," it never seems to give me enough information for me to determine whether this access attempt is something legitimate, or something evil. The Norton "help" (ha!) files are pretty uninformative, and I've just never seen a document that tells me more than "you should be nervous" when you get a report of attempted outgoing access. Any suggestions for futrher reading, or an easy rule of thumb?

Re: Firewall and Router

Don't know about Norton, but Sygate (Personal Firewall) allows viewing the traffic logs. By selecting any entry, you can "backtrace" the entry and then perform a "whois" to see exactly where the request is coming from or going to. Norton <font color=blue>may</font color=blue> have a similar feature.

JohnA Child's Mind, Once Stretched by Imagination...Never Regains Its Original Dimensions

Re: Firewall and Router

In addition to what John said, I imagine that most of us "know" the software we have installed that is likely to need access to the internet and proceed accordingly. For example, my AV program performs updates semi-automatically, my clock synch program checks the time for me, Mailwasher checks my mail server every 10 minutes, and so on. Yes, there is always the possibility that one of these "trusted" programs gets hijacked, but those chances are slim. The ones you've got to watch out for are the "names" that might jump up that you've NEVER heard of. In addition, a lot of the questions you see flying around are about WINDOWS programs or DLLs that are trying to contact the internet and the user doesn't know why. That kinda stuff might take a little detective work.

Re: Firewall and Router

If the program is one that you recognize as having a good reason to access the network, it usually is okay. The feature is designed to catch the ones that you don't recognize or which might be masquerading as part of Windows. More sophisticated firewalls also will tell you when program files have changed since you last approved them. As with the feature you described, unless you remember updating those files, it's difficult to know for sure whether you should permit the access. Usually, saying "No" is a good diagnostic. If nothing bad seems to happen, the network access may have been unnecessary.